Vagrantfile & Scripts to setup Kubernetes Cluster using Kubeadm for K8s testing

sean-dfir/k8s-better

 
 

k8s-better

k8s-better is a quickly deployable Kubernetes cluster with preinstalled security tooling using Vagrant to support alerting and detection research.

This is a fork of vagrant-kubeadm-kubernetes, a TechiesCamp repo that provides a Vagrantfile and associated scripts/configs to automate creating a practice-environment k8s cluster using Kubeadm for some certifications.

Installed Security Tooling:

  • Cilium - eBPF-based CNI that provides networking, observability, and L3/L7 security controls.
  • Tetragon - an add-on component to Cilium that provides process and syscall visibility enriched with Kubernetes context, supporting container-level visibility and attribution.

Tetragon supports TracingPolicies, a user-configurable Kubernetes custom resource (CR) that can trace arbitrary events in the kernel and also take actions. The Tetragon repo has examples of TracingPolicies.

TracingPolicies are deployed using the Kubernetes CLI kubectl:

kubectl apply -f https://raw.githubusercontent.com/cilium/tetragon/main/examples/tracingpolicy/write.yaml
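Because a TracingPolicy can take actions as well as trace, it is worth reviewing a manifest before applying it. The following is an added example, not code from this repo or from Tetragon: the function names `audit_tracing_policy` and `write_samples` are hypothetical, the sample manifests are constructed, and the check covers only the Sigkill, Signal and Override actions.

```shell
#!/usr/bin/env bash
# Added example (not from the k8s-better repo): review a TracingPolicy manifest
# before `kubectl apply`, because a policy can enforce as well as observe.
# Return codes: 0 = observe-only, 1 = not a TracingPolicy, 2 = enforcement found.
audit_tracing_policy() {
  local file="$1" hits
  # Accept only the two Tetragon policy kinds.
  if ! grep -Eq '^kind:[[:space:]]*"?TracingPolicy(Namespaced)?"?[[:space:]]*$' "$file"; then
    echo "REJECT: $file is not a TracingPolicy" >&2
    return 1
  fi
  # List every hook so the reviewer sees what will be traced.
  grep -En '^[[:space:]]*-?[[:space:]]*call:' "$file" | sed 's/^/hook  line /'
  # matchActions that change process behaviour rather than just report it.
  hits=$(grep -En 'action:[[:space:]]*"?(Sigkill|Signal|Override)"?' "$file" || true)
  if [ -n "$hits" ]; then
    echo "$hits" | sed 's/^/ENFORCE line /'
    return 2
  fi
  return 0
}

# Constructed sample manifests (illustrative, not copied from the Tetragon repo).
write_samples() {
  local dir="$1"
  cat > "$dir/observe.yaml" <<'EOF'
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "observe-write"
spec:
  kprobes:
  - call: "sys_write"
    syscall: true
EOF
  cat > "$dir/enforce.yaml" <<'EOF'
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "kill-on-write"
spec:
  kprobes:
  - call: "sys_write"
    syscall: true
    selectors:
    - matchActions:
      - action: Sigkill
EOF
}
```

To use it on a real policy, download the manifest to a local file, run `audit_tracing_policy` on that file, and pass the same reviewed file to `kubectl apply -f` rather than applying directly from a URL on a moving branch.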

Prerequisites

  1. Working Vagrant setup
  2. A workstation with 8+ GB of RAM, as the VMs use 3 vCPUs and 4+ GB RAM

For Mac/Linux Users

The latest version of VirtualBox for Mac/Linux can cause issues.

Create or edit the /etc/vbox/networks.conf file and add the following to avoid network-related issues:

* 0.0.0.0/0 ::/0

Or run the commands below:

sudo mkdir -p /etc/vbox/
echo "* 0.0.0.0/0 ::/0" | sudo tee -a /etc/vbox/networks.conf

This allows the host-only networks to be in any range, not just 192.168.56.0/21, as described here: https://discuss.hashicorp.com/t/vagrant-2-2-18-osx-11-6-cannot-create-private-network/30984/23

Bring Up the Cluster

To provision the cluster, execute the following commands.

git clone https://github.com/sean-dfir/k8s-better.git
cd k8s-better
vagrant up

Set Kubeconfig file variable

cd k8s-better
cd configs
export KUBECONFIG=$(pwd)/config

Or copy the config file to the ~/.kube directory:

cp config ~/.kube/

Install Kubernetes Dashboard

The dashboard is automatically installed by default, but it can be skipped by commenting out the dashboard version in settings.yaml before running vagrant up.

If you skip the dashboard installation, you can deploy it later by enabling it in settings.yaml and running the following:

vagrant ssh -c "/vagrant/scripts/dashboard.sh" master

Kubernetes Dashboard Access

To get the login token, copy it from config/token or run the following command:

kubectl -n kubernetes-dashboard get secret/admin-user -o go-template="{{.data.token | base64decode}}"

Proxy the dashboard:

kubectl proxy

Open the site in your browser:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/overview?namespace=kubernetes-dashboard

To shut down the cluster:

vagrant halt

To restart the cluster:

vagrant up

To destroy the cluster:

vagrant destroy -f
